From 92d052faf017d373d0194d66ed7cf896b48f9c5a Mon Sep 17 00:00:00 2001
From: tigerbot <seth.gibelyou@daplie.com>
Date: Fri, 11 Aug 2017 16:38:22 -0600
Subject: [PATCH] made req.oauth3 immutable after its creation

---
 lib/oauth3.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/oauth3.js b/lib/oauth3.js
index fc3bc6f..28ee6a9 100644
--- a/lib/oauth3.js
+++ b/lib/oauth3.js
@@ -165,6 +165,15 @@ function verifyToken(token) {
   });
 }
 
+function deepFreeze(obj) {
+  Object.keys(obj).forEach(function (key) {
+    if (obj[key] && typeof obj[key] === 'object') {
+      deepFreeze(obj[key]);
+    }
+  });
+  Object.freeze(obj);
+}
+
 function attachOauth3(req, res, next) {
   req.oauth3 = {};
 
@@ -210,6 +219,8 @@ function attachOauth3(req, res, next) {
       return PromiseA.resolve(sub || ppid);
     };
   }).then(function () {
+    deepFreeze(req.oauth3);
+    Object.defineProperty(req, 'oauth3', {configurable: false, writable: false});
     next();
   }, function (err) {
     res.send(err);